Sr Application Security Engineer

Responsibilities:

  • Partner with engineering teams across Talent500 to create secure application and deployment architectures utilizing threat models and risk analysis documentation
  • Define policies across the organization for secure software development activities within hybrid cloud environments
  • Work with development teams, operations, governance, and other stakeholders to draft security standards and implement monitoring to adhere to those standards
  • Integrate and/or build security tools for integration in the CI/CD and build processes and work with development teams to mitigate findings
  • Support incident responders in analyzing applicable threats, vulnerabilities, controls and residual risks
  • Analyze and harden existing applications, infrastructure, automation, and deployment processes
  • Conduct internal penetration testing and coordinate external penetration tests and bug bounty programs
  • Coordinate with security researcher community for submitted vulnerabilities and issues

Ideal Background:

  • Bachelor's degree required; BS or MS in Computer Science, Information Technology, or a related field
  • 6+ years' experience in application security, with experience across SDLC activities such as threat modeling, secure code review, vulnerability management, and penetration testing
  • Broad knowledge of web, application, and cloud attack vectors and exploits
  • Subject matter expertise in applied key management, certificate management and cryptography
  • Deep understanding of authentication and authorization concepts and protocols including IAM, mTLS, OAuth/OIDC, and SAML
  • Comprehension in multiple programming languages (Python, Go, Scala, C/C++, Javascript/Typescript)
  • Deep security subject matter expertise in at least one major public cloud provider (AWS, GCP, Azure)
  • Experience with deploying and securing SaaS applications and cloud environments at scale
  • Working experience with CI/CD pipeline, containerization (Kubernetes, Docker, etc) and MicroServices
  • Coordinating penetration testing / bug bounty programs and assisting with remediation
  • Knowledge of regulatory guidelines and standards such as SOC2, ISO 27001, FedRAMP, etc.
  • Understanding of application security maturity model frameworks and how to apply them
  • Strong written and verbal communication skills
Company
Talent500
Posted
06/11/2022
Location
Allahabad, UP, IN